From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529 Description of problem: A malloc()ed block is free()d twice when running the testcase libio/tst-fopenloc. Version-Release number of selected component (if applicable): glibc-2.3.2-11.9 How reproducible: Always Steps to Reproduce: 1.Run testcase libio/tst-fopenloc with breakpoints at __gconv_release_cache, __gconv_release_step, and __gconv_lookup_cache+289 (just after the call to malloc() at line 360). 2. At each breakpoint, print $eax, which contains the pointer of interest. 3. Actual Results: Note that the first block allocated [the call to malloc() in __gconv_lookup_cache] is freed once from __gconv_release_cache and once from __gconv_release_step. Expected Results: No block is referenced after it is free()d. Additional info: Here is the error report from a commercial tool. valgrind ought to report similarly. [gconv_db.c:199] (Thread 0) **READ_DANGLING** >> if (--step->__counter == 0) Reading from a dangling pointer. Pointer : 0x0804ae98 In block: 0x0804ae90 thru 0x0804af07 (120 bytes) block allocated at gconv_cache.c, 360 __gconv_lookup_cache() gconv_cache.c, 360 __gconv_find_transform() gconv_db.c, 689 __wcsmbs_getfct() wcsmbsload.c, 92 __wcsmbs_named_conv() wcsmbsload.c, 244 _IO_new_file_fopen() fileops.c, 53 __fopen_internal() iofopen.c, 92 _IO_new_fopen() iofopen.c, 106 main() tst-fopenloc.c, 42 stack trace where memory was freed: __gconv_release_cache() gconv_cache.c, 447 _IO_new_file_fopen() fileops.c, 403 __fopen_internal() iofopen.c, 92 _IO_new_fopen() iofopen.c, 106 main() tst-fopenloc.c, 42 Stack trace where the error occurred: __gconv_release_step() gconv_db.c, 199 _IO_new_fclose() iofclose.c, 76 main() tst-fopenloc.c, 59
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2003-136.html